<?php
include_once("includes/global.php");
include_once("includes/smarty_config.php");
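// Requested step of the reset flow; falls back to the mobile lookup step when the
// query string carries no (or an empty) action. !empty() avoids the undefined-index
// notice the bare $_GET['action'] read raised on a plain page load.
// NOTE(review): $action is request-controlled and is later assigned to the template;
// confirm the template escapes it on output.
$action = !empty($_GET['action']) ? $_GET['action'] : 'get_mobile';
//=========================================
// Template file handed to $tpl->display() at the end of the script.
$page = "lostmobile.htm";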

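// Password-reset submit: verify the SMS code, look the member up, store the new password.
if (isset($_POST['lostpass']) && $_POST['lostpass'] == 'lostpass') {
	// The account identifier is concatenated into SQL and into redirect URLs below, so
	// only a plain digit string is accepted. The original UPDATE used the value
	// unquoted, so non-numeric identifiers never worked in this step anyway.
	$mobile = (isset($_POST['mobile']) && is_string($_POST['mobile'])) ? $_POST['mobile'] : '';
	if (!preg_match('/\A[0-9]+\z/', $mobile)) {
		msg("lostmobile.php", '用户不存在');
		return false;
	}
	$retry_url = "lostmobile.php?action=mobile_pass&mobile=".$mobile;

	// is_string() keeps an array-valued field from reaching md5().
	if (empty($_POST['password']) || !is_string($_POST['password'])) {
		msg($retry_url, '请设置密码');
		return false;
	}

	// The SMS code is mandatory. The original test skipped verification whenever the
	// submitted code was empty, which let a request without a code reset any account.
	// A missing session code (none was ever sent) is rejected as well.
	$sent_code = isset($_SESSION['sms_code']) ? (string)$_SESSION['sms_code'] : '';
	$given_code = (isset($_POST['sms_code']) && is_string($_POST['sms_code'])) ? trim($_POST['sms_code']) : '';
	if ($sent_code === '' || $given_code === '' || $given_code !== $sent_code) {
		msg($retry_url, '手机验证码不正确');
		return false;
	}
	// NOTE(review): nothing visible here ties the session code to $mobile or limits the
	// number of guesses; confirm the code-sending endpoint records the number it sent to
	// and enforces expiry and an attempt limit.

	$sql = "select * from ".MEMBER." where user = '".$mobile."' or mobile = '".$mobile."'  ";
	$db->query($sql);
	$member_exist = $db->fetchRow();
	if (empty($member_exist)) {
		msg($retry_url, '用户不存在');
		return false;
	}

	// NOTE(security): md5() is an unsalted fast hash. It is kept because the login
	// check presumably compares against this format; moving to password_hash() /
	// password_verify() needs a coordinated change there.
	// NOTE(review): the lookup above matches on user OR mobile, while this UPDATE matches
	// on user only; a member found through the mobile column may not be the row
	// updated. Confirm the intended key.
	$usql = "update ".MEMBER." set password = '".md5($_POST['password'])."' where user = '".$mobile."'";
	if ($db->query($usql)) {
		// One-time use: a consumed code must not authorise a second reset.
		unset($_SESSION['sms_code']);
		msg("login.php");
		return false;
	} else {
		msg($retry_url, '密码设置失败');
		return false;
	}
}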


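// Lookup step: check the captcha, then confirm that the submitted number belongs to a member.
if ($action == 'get_mobile') {
	$param = $_GET;

	if (!empty($param)) {
		// Case-insensitive captcha check. An absent session captcha is a failure; the
		// original compared two empty strings as equal when neither side was set.
		$captcha = isset($_SESSION["auth"]) ? strtolower((string)$_SESSION["auth"]) : '';
		$code = (isset($param["code"]) && is_string($param["code"])) ? strtolower($param["code"]) : '';
		if ($captcha === '' || $code !== $captcha) {
			msg('lostmobile.php','验证码不正确');
			return false;
		}

		// The value goes into SQL and into the redirect URL, so only a digit string is
		// accepted; anything else is treated as an unknown number.
		$mobile = (isset($param['mobile']) && is_string($param['mobile'])) ? $param['mobile'] : '';
		if (!preg_match('/\A[0-9]+\z/', $mobile)) {
			msg('lostmobile.php','手机号不存在');
			return false;
		}

		$sql = "select * from ".MEMBER." where user = '".$mobile."' or mobile = '".$mobile."'  ";
		$db->query($sql);
		$member_exist = $db->fetchRow();
		// NOTE(review): the two outcomes below tell the caller whether a number is
		// registered; the captcha is the only visible throttle on that lookup.
		if (empty($member_exist)) {
			msg('lostmobile.php','手机号不存在');
			return false;
		} else {
			msg("lostmobile.php?action=mobile_pass&mobile=".$mobile);
		}
	}
}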


// Hand the current action to the template.
$tpl->assign('action', $action);
//=========== Page footer ===============
include_once 'footer.php';
// Render the template named in $page.
$tpl->display($page);
?>